You are currently on:

Security & Privacy Policy

Bella di Notte value your custom and we take the security of your personal data very seriously.

We have published this notice so that you can be confident that your personal data is kept safely and securely. We also explain how we use your data to offer you a more personalised shopping experience.

Bella di Notte is the data controller. It is our responsibility to keep your data safe and we must ensure your data is only used in accordance with the GDPR.

In this notice, we explain how and why Bella di Notte collect information from you. We’ll tell you who we share your information with, why, and on what legal basis. We’ll also be clear about what your rights are, and give you a clear means of acting upon those rights if you choose to.

Bella di Notte process your data in accordance with relevant data protection and privacy laws including GDPR. It is necessary for us to process your data for one of the following reasons, or lawful bases:

– to fulfil our contract (order) with you,

– because there is a legal obligation upon us,

– because it is in our legitimate interests to process your data.

If you should have any concerns, queries or feedback relating to how we manage your personal data, please email us at dataprotection@belladinotte.com, or write to us at our head office in Malton. Our full postal address is Bella di Notte, Malton Enterprise Park, 6 Cherry Farm Close, Malton, YO17 6AD.

Within this policy is a section called ‘How to object or complain’. If you are unhappy about the way we manage your data, it is your right as an individual to complain to the Information Commissioner, who is the privacy regulator for the UK. Contact details for the Information Commissioner (ICO) are detailed under this section, along with all our contact details.

Bella di Notte is registered with the ICO’s Data Protection Register under number Z8589047.

How we use your data

Fulfiling orders

When you place an order with us over the telephone or on our website, Bella di Notte collect your personal data to fulfil your order.

When we say ‘data’, we mean your name, address, a telephone contact number, and an email address. These details are collected so we can keep you updated about the progress of your order.

The data we collect also includes taking your payment details and processing those payment details so that you can pay for your order.

Marketing

We may send you details of other Bella di Notte products that we think will be of interest to you. We do this by post or by email.

Bella di Notte process your personal data. We do this by profiling the data you give us and data we obtain from other sources. This is part of our standard marketing processes and helps us to keep our Marketing costs as efficient as possible. We hope our emails and catalogues will be of interest to you and that through sending you such offers, we will invite you to shop with us.

When Bella di Notte ask for your email address during a sale transaction, Bella di Notte may use your email address to send you special offers and information related to our own products.

If you do not want us to use your email address to contact you with marketing emails, please email dataprotection@belladinotte.com with the words 'Opt-out' in the subject line and your name, postcode, email address and mobile number in the body of the email. You can do this at any time.

We also encourage new customers to shop with us by sending them direct marketing through the post.

Bella di Notte process details of how you browse our websites and use this information to target advertising when you browse the internet or through emails. We are proud of our company and our products and we do this to ensure that our company grows. The companies we use are:

- Google Analytics- Google Tag Manager- Bing Ads- GA Audiences

Website visitors who don’t want their data used by Google Analytics can install the Google Analytics opt-out browser add-on. To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. Learn more about the opt-out and how to properly install the browser add-on here.

Visitors can also opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.

Further changes to this will be communicated by updating this notice. Please also see our updated Cookies policy.

Data exchange: buying data, trading data, selling data

Bella di Notte share the names and addresses of our customers who may appreciate the chance to shop with other similar, reputable mail order companies. Please note we never share email addresses.

We put customer name and address data in co-operative data pools. Occasionally we purchase databases or lists of people, including their postal addresses, from highly regarded data broking companies so we can market our collection to potential new customers; this enables us to grow our business.

As an established mail order retailer, we are keen to continue trading within a prosperous mail order industry. Sharing our data helps us to support and grow the mail order industry.

Human resources

At Bella di Notte we also process data in our HR department. This includes managing our employees and fulfilling our legal obligations to those employees. We also process data for the purposes of recruiting interested applicants for job vacancies.

Day to day Bella di Notte business activities

As with many businesses, we need to process personal data (including CCTV images) for our day to day business purposes, including the general security of our premises and other purposes such as cleaning, catering and events.Back to FAQ's

Data we need to collect

Bella di Notte need to collect data including your name, contact details and delivery details so we can fulfil our contract with you and send you your order.

We also need to collect information about your payment method and the bank details that go with it.

For Bella di Notte’s legitimate interests in running our business, we may also collect your contact details from high reputable organisations who sell and/or rent data for marketing purposes. You can opt out of this sharing at any time by emailing dataprotection@belladinotte.com.

We also use data about your browsing on our website to help us personalise your browsing experience and to provide you with relevant offers.

For your peace of mind, we monitor calls to our customer care department to help ensure we continue to provide you with the high levels of service you expect.Back to FAQ's

The security of your personal data

Bella di Notte take the security of your personal data very seriously. We have put in place reasonable physical, electronic, and administrative procedures to ensure the security of personal data.

Within our company, your personal data is accessible only to those employees who require access to perform their jobs.

Bella di Notte will never contact you or send emails asking you to provide personal information online. We would strongly advise you not to respond to any such emails or websites that ask you to do so.

We use encryption and pseudonymisation to help us to keep your information secure and we take steps to protect the electronic and physical security of our data assets including keeping our servers in secured buildings and limiting access to our IT systems.

All employees at Bella di Notte undergo training in Data Protection.

When we transfer data to processors or suppliers we use encryption, secure file transfer protocol (sftp) and password protection of files to ensure that data cannot be used by anyone other than the individual who it is intended for.Back to FAQ's

Data sharing

To enable our contractors, service providers and employees to carry out their processes such as delivering your parcel, we need to pass on information about you. For example, a key partner is Royal Mail, who need your address so they can deliver your parcel.

Bella di Notte have two main ways in which we share data with other retailers in exchange for data about prospective customers. The first is through data co-operatives, where a number of reputable retailers share information on their customer. This improves our understanding of our customers and enable us to exchange details. The second means is by direct exchanges of customer lists with other highly regarded mail order retailers.

The data co-operatives we use to share data on customers and prospective customers are:

In the event of our business being sold, your data will be transferred to the purchaser of the business. Back to FAQ's

Your statutory rights

Under the new GDPR laws effective 25 May 2018, you are entitled to:

- request to see a copy of the information we hold about you;- ask us to correct any information we hold that is incorrect;- ask us to delete some of your data;- have certain data given to you in a portable (electronic) format;- object to how we process your data;- ask us to not to process your data in certain circumstances.

The Right to Access allows you to get confirmation of whether we have any information about you. You can request a copy of this information, and you are entitled to understand why we have it, what we use it for and where we got it from.

The Right to Portability gives you the right to get some of your information in an easily machine readable format. This right is only applicable where the data is used for the performance of a contract or relies on your consent and is data that you provided to us. For Bella di Notte that means we will give you a machine readable copy of your transaction data (ie the items you ordered and payments you made) and any device fingerprinting data we have that we collected based on your consent.

The Right to Rectification – this means that Bella di Notte are responsible for correcting any inaccurate data we hold on you. If we should disagree that the data is inaccurate you can ask to have an explanation attached to the data.

The Right to be Erasure (Right to be forgotten) means that we must delete data on you if the reason we collected it is no longer valid, if we asked for your consent and you chose to withdraw it, if we do not have a sufficiently strong legitimate interest to use it and you object, if we have used it unlawfully or if we are required to forget you by law.

This information is processed as part of our contract with you and we are required to keep this data for seven years. Please note if you request this, Bella di Notte will also keep a record of your request for erasure, and if you ask us not to contact you for marketing purposes we keep a copy of your details to make sure we do not send you marketing in future. This is known as a suppression list.

The Right to Restriction means that we won't process your data at all (apart from storing it) while we verify its accuracy, establish whether our processing is lawful or where we don't need the data but you want us to keep it for establishing legal claims. If you ask us to assess whether our processing is within our legitimate interests, necessary and does not override your legitimate interests we have to restrict processing of your data. Bella di Notte will tell you before we start to use it again.

The Right to Object applies whenever we process data in our legitimate interests. You have the right to ask us to consider any objection you have to the way we process your data and if we cannot show a compelling reason to continue we have to stop. This right also gives you the ability to tell us not to send you any direct marketing at any time by emailing dataprotection@belladinotte.com. This is an absolute right that Bella di Notte are committed to respecting.Back to FAQ's

How long we keep your data for

Bella di Notte will retain data on your purchase history with us for five years. If you have not purchased from us in five years we will delete your personal data.

We store the data that we collect about your browsing habits for four years, although we may store anonymised data for longer to analyse trends.

We will retain enough information to show that someone worked for us, or the reasons for their dismissal. Back to FAQ's

Our lawful bases for using your data

Fulfiling orders

We collect your personal data to fulfil the orders you make with us for products and services. Back to FAQ's

Marketing

We rely on our legitimate interests as a retailer to market our products to you. This includes where we share data with other retailers for which we always provide you with a means to opt out. You can read more about opting out in the 'How to complain or object' section of our privacy policy.Back to FAQ's

Data exchange: buying data, trading data, selling data

We rely on our legitimate interests as a retailer to trade, sell or buy data. This includes where we share data with other retailers for which we always provide you with a means to opt out. You can read more about how to opt out in the 'How to complain or object' section of our privacy policy.

As an employer of staff we process personal data for the fulfilment of a contract with our employees or with the recruitment or employment agency that we commission to provide us with staff. For prospective employees we process personal data to enable us take steps preparatory to entering into a contract.

Our general business activities are largely performed by relying on our legitimate interest to trade and to undertake commercial activity.

For marketing we send to you by email we rely on our legitimate interests using the soft opt in provisions of the Privacy and Electronic Communications Regulations.

This privacy policy describes our lawful bases for our major activities. Within those activities there may be specific processes where we rely on a different lawful basis.Back to FAQ's

Consent

Bella di Notte, as data controller, has made a policy decision not to rely on previous consent for our processing activities and not to use it in preference to other lawful bases that we feel are more appropriate.

Where Bella di Notte do ask for your consent this will be clear and will request an affirmative action from you such as completing a document or ticking a box.

If you choose to give Bella di Notte your consent, we will provide you with an easy means of opt out at all times.

Bella di Notte follow the guidance issued by the Information Commissioner's Office on the subject of consent. This means that where we use an opt out mechanism, this is our way of allowing you to object to processing that we perform because we believe it is in our legitimate interests. The opt out mechanism is a means of giving you control but we understand that it does not indicate consent.

Bella di Notte will always respect any opt out that you choose to exercise and will never seek to over-ride it using our legitimate interests. Back to FAQ's

Who we get personal data from

We receive data on prospective customers from our data co-operative partners. These are currently:

Automated decision making

We use automated decision making and profiling when deciding what offers you receive through our direct Marketing. We do not believe this has a significant and serious enough impact on you to require us to reconsider the results of this profiling. If you do object to any profiling of you for direct marketing purposes please email dataprotection@belladinotte.com. Back to FAQ's

What happens when things change

Whenever our privacy policy changes, we will put the date it changed at the top of this page along with the updated version number.

If we make a very significant change to our privacy policy we will highlight it to our customers who are affected either by letter, by email or some other direct means.

If we make moderate changes we may highlight them on the front page of our website or in some other manner.

Minor changes are made from time to time and we will simply update the privacy policy and change the effective date. Back to FAQ's

Your complaint or query may initially be dealt with by a member of our customer care team but you have the right to have your issue looked at by our Data Protection team if you are still dissatisfied. In the event of any query still not being resolved it would be escalated to our Founder, Susan Johnson.

If after complaining to us you are dissatisfied with how we have handled your data you can also complain to the Information Commissioner who is the independent regulator of your privacy rights. Their details can be found at www.ico.org.uk.Back to FAQ's

Working at our company

If you send us your CV either by email or through our website we will retain it for a period of 6 months to consider you for all positions.

If you only wish to be considered for one specific vacancy and to then have your CV deleted please let us know when you apply.